Privacy Policy
Last updated: 17 February 2025 | Effective: 17 February 2025
Pandan Core Pte. Ltd. ("Pandan Core", "we", "us") is committed to protecting the personal data of individuals who interact with our services, website, and training programmes. This Policy explains what data we collect, how we use it, and the rights you hold under Singapore's Personal Data Protection Act 2012 (PDPA) and other applicable regulations.
1. Data Controller
The data controller for personal data processed through this website and related services is Pandan Core Pte. Ltd., registered in Singapore. For data-related matters, contact our Data Protection Officer at [email protected].
2. Personal Data We Collect
We collect personal data in the following circumstances:
- Enquiry and contact forms — name, email address, phone number (if provided), and the content of your message.
- Training enrolment — name, professional role, organisation name, email, and any learning preferences shared during onboarding.
- Website analytics — anonymised usage data including pages visited, session duration, and browser type via analytics cookies (with consent).
- Business correspondence — emails, call notes, and documents exchanged during a client engagement.
- Payment processing — handled by our payment processor. Pandan Core does not store payment card details.
3. Legal Basis and Purpose of Processing
We process personal data under the following legal bases:
- Consent — for marketing communications and analytics cookies, where you have opted in.
- Contract performance — to deliver services, training programmes, and consulting engagements you have engaged us for.
- Legitimate interests — to respond to enquiries, maintain business records, and improve our services.
- Legal obligation — where we must retain records for tax, regulatory, or compliance purposes under Singapore law.
4. How We Use Your Data
- Responding to enquiries and service requests
- Delivering contracted training programmes and advisory engagements
- Sending service-related communications (confirmations, scheduling, updates)
- Marketing communications — only where you have given consent, with an opt-out option in every message
- Improving our website and service quality through anonymised usage data
- Complying with legal and regulatory obligations
5. Data Retention
We retain personal data only for as long as necessary for the purpose it was collected. Typical retention periods:
- Contact enquiries (no engagement follows): 12 months
- Client engagement records: 7 years from engagement close (tax and compliance requirement)
- Training participant records: 3 years from programme completion
- Marketing consent records: Until consent is withdrawn, plus 1 year
6. Data Sharing and Third Parties
We share personal data only where necessary:
- Service delivery partners — sub-contractors or subject matter experts who assist in delivering training or consulting, bound by confidentiality agreements.
- Technology providers — cloud infrastructure and communication tools (e.g., email, video conferencing). These providers act as data processors under our instruction.
- Analytics providers — anonymised aggregated data only, where you have consented to analytics cookies.
- Legal requirements — where disclosure is required by Singapore law, court order, or regulatory authority.
We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.
7. Data Security
- Data in transit protected by TLS encryption
- Data at rest stored on access-controlled cloud infrastructure with encryption at rest
- Access to personal data restricted to staff with a need-to-know basis
- Data breach notification procedures in place aligned with PDPA requirements
- Regular review of data handling practices as part of internal operations
8. Cookies
We use cookies and similar technologies on our website. For full details of cookie types, purposes, and how to manage your preferences, please refer to our Cookie Policy. You can withdraw cookie consent at any time.
9. Your Rights Under PDPA
As a data subject under Singapore's PDPA, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Withdrawal of consent — withdraw consent for processing activities based on consent, including marketing
- Data portability — where applicable under PDPA amendments, request your data in a structured, machine-readable format
- Deletion — request deletion of data we are not legally required to retain
To exercise these rights, contact [email protected]. We will respond within 30 days. If you are not satisfied with our response, you may escalate to the Personal Data Protection Commission (PDPC) at pdpc.gov.sg.
10. Third-Party Links
Our website may include links to third-party websites, tools, or resources. This Privacy Policy does not extend to those external sites. We encourage you to review their privacy notices independently.
11. Children's Privacy
Our services are directed at business and professional audiences. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that such data has been submitted, it will be deleted promptly.
12. Policy Updates
We may update this Policy from time to time to reflect changes in our practices or legal requirements. We will notify affected parties of material changes by email or by posting an updated notice on this page. Continued use of our services after an update constitutes acceptance of the revised Policy.
13. Contact
For all data privacy enquiries or to exercise your rights:
- Email: [email protected]
- Address: George Street, Singapore
- Organisation: Pandan Core Pte. Ltd.